This invention relates generally to computer network communications. More particularly this invention relates to network security and remote execution of security processes.
The Internet is one of the fastest growing and most ubiquitous modes of commerce. Many companies have Internet servers prepared for commercial delivery of goods and services. At first, the products found on the Internet, or more specifically the world wide web (WWW), were computer-based products, but today more and more businesses are competing to set up commercial services on the world wide web.
A common problem with the Internet is a lack of secure communication channels. In order for hospitals, governments, banks, stock brokers, and credit card companies to make use of the Internet, privacy and security must be ensured. Further, many consumers are hesitant about providing credit card information via the Internet.
One approach to solving the aforementioned problem uses data encryption. A server is provided with an encryption unit, and encryption keys are stored within the encryption unit. A known encryption algorithm is used, such as a public-key/private-key system. In use, a user sends information encrypted under the server's public key, so that only the encryption means holding the corresponding private key can decrypt (or decipher) it. Upon receiving the information, the Internet server provides it to the encryption means for decryption, and the decrypted data is passed back to the Internet server. Often, the encryption means forms part of the server.
Likewise, when information of a confidential nature is to be sent to a recipient, it is passed to the encryption means for encryption using the recipient's public key prior to transmission. In this way, data is passed in a more secure fashion and access to the encryption keys is limited to the encryption means.
Another commonly used scheme makes use of session keys, which are exchanged each time a connection is made and which change with each connection to a server. Using session keys limits the amount of data encrypted under any given key and thereby enhances security. Unfortunately, session keys are often generated by a predictable algorithm (for example, a pseudo-random generator with a guessable seed), which provides significant protection against casual access but limited protection against experienced attackers.
Presently, most implementations of encryption rely on an algorithm that exists in both the server and the client computer. Such algorithms are incorporated into popular network software such as Netscape Navigator®. An encryption key is exchanged, and each computer, using the standard algorithms built into the network software, encrypts data for transmission and decrypts data upon receipt.
Thus, in an attempt to overcome these and other limitations of known prior art devices, it is an object of this invention to provide a method for securely transmitting data across a network that is not confined to a single encryption algorithm.
It is a further object of this invention to provide a method for securely transmitting data across a network that is capable of real time modification in order to increase security.
In accordance with the invention, there is provided a method of enhancing network security comprising the steps of:
(a) initiating a communication session between a first computer and a second other computer;
(b) transmitting from the first computer to the second other computer in communications therewith a process for securing communication therebetween;
(c) securing communications on the second other computer using said process;
(d) securing communications on the first computer using a process associated with the transmitted process; and
(e) erasing the process from the second other computer approximately when the communication session is ended.
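The five steps above as a worked exchange, added here as an illustration and not taken from the application: both computers are simulated in one Python file. The securing process is a per-session counter-mode stream cipher shipped as source text. The pre-shared authentication key, the HMAC-SHA-256 origin check on the transmitted process before it is executed, and the assumption that the session key is agreed by a key exchange outside the example are all additions, since the application does not say how the transmitted process is protected in transit; without such a check, anyone on the path could substitute a weaker process and the second computer would run it.

```python
import hashlib
import hmac
import secrets
import types

# Constructed: a long-term key the two computers already share. It is used only
# to authenticate the transmitted process (an assumption, not from the application).
PROCESS_AUTH_KEY = b"constructed-pre-shared-process-authentication-key"

# The "process for securing communication", held by the first computer as source
# text so it can be transmitted. A different process could be chosen per session;
# this one is a counter-mode stream cipher keyed with key || nonce.
SECURING_PROCESS_SOURCE = '''
import hashlib

def keystream(key, nonce, n):
    """n bytes of keystream: SHA-256(key || nonce || 8-byte block counter), concatenated."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def secure(key, nonce, data):
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
'''


def server_prepare_process():
    """First computer, step (b): tag the process so the receiver can check its origin."""
    tag = hmac.new(PROCESS_AUTH_KEY, SECURING_PROCESS_SOURCE.encode(), hashlib.sha256).digest()
    return {"process": SECURING_PROCESS_SOURCE, "tag": tag}


def load_process(source):
    """Execute process source into an isolated module namespace and return the module."""
    module = types.ModuleType("session_process")
    exec(source, module.__dict__)
    return module


class ClientSession:
    """Second computer: holds the transmitted process only while the session is open."""

    def __init__(self):
        self.process = None

    def receive_process(self, message):
        """Step (b), receiving side: verify the tag, then (and only then) load the process."""
        expected = hmac.new(PROCESS_AUTH_KEY, message["process"].encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, message["tag"]):
            raise ValueError("transmitted process failed origin check; not executed")
        self.process = load_process(message["process"])

    def secure(self, key, nonce, data):
        """Step (c): secure outgoing data with the transmitted process."""
        if self.process is None:
            raise RuntimeError("no securing process loaded for this session")
        return self.process.secure(key, nonce, data)

    def end(self):
        """Step (e): erase the process when the session ends."""
        self.process = None


def run_session(plaintext, session_key=None):
    """Steps (a)-(e) end to end. Returns (ciphertext, recovered, client_session)."""
    # Assumption: the session key was agreed by a key exchange not shown here.
    session_key = session_key or secrets.token_bytes(32)
    client = ClientSession()                          # (a) session opened
    client.receive_process(server_prepare_process())  # (b) process transmitted and checked
    nonce = secrets.token_bytes(16)
    ciphertext = client.secure(session_key, nonce, plaintext)   # (c) second computer
    # (d) the first computer uses the process associated with the transmitted one:
    # here its own copy of the same source, since the cipher is symmetric.
    server_process = load_process(SECURING_PROCESS_SOURCE)
    recovered = server_process.secure(session_key, nonce, ciphertext)
    client.end()                                      # (e) process erased at session end
    return ciphertext, recovered, client


def tampered_message():
    """An on-path substitution: the XOR is removed, so the 'secured' data is the plaintext."""
    message = server_prepare_process()
    message["process"] = message["process"].replace("a ^ b", "a")
    return message


if __name__ == "__main__":
    ct, rec, _ = run_session(b"constructed plaintext for the session")
    print(ct.hex(), rec)
```

The tampered message still carries the original tag, so `receive_process` refuses it. The stream cipher carries no integrity tag of its own; a real securing process would add one, and the nonce is what stops keystream reuse when the same session key secures more than one message.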
In accordance with this invention, there is provided a method of enhancing network security comprising the steps of:
(a) initiating a communication session between a first computer and a second other computer;
(b) transmitting from the first computer to the second other computer in communication therewith a process for characterising user authorisation information;
(c) characterising user authorisation information received at the second other computer, using the process for characterising user authorisation information, to produce data;
(d) transmitting the data to the first computer; and
(e) comparing the data received by the first computer to information stored on the first computer to determine a value and, when the value is within predetermined limits, performing one of identifying the source of the user authorisation information and authorising access from the second other computer to information secured by the first computer.
In accordance with another embodiment of the invention, there is provided a method of enhancing network security comprising the steps of:
(a) initiating a communication session between a first computer and a second other computer;
(b) transmitting from the first computer to the second other computer in communication therewith a process for characterising biometric information, the process comprising the steps of:
accepting a first biometric information sample from a biometric source of an individual at a biometric input device in communication with a host processor;
using the processor of the second other computer, characterising the first biometric information sample;
(c) executing the process on the second other computer;
(d) transmitting the characterised first biometric information to the first computer;
(e) using the processor of the first computer, registering the characterised first biometric information sample with a first template to produce a first registration value;
(f) when the first registration value is within predetermined limits, identifying the individual;
(g) when the first registration value is within other predetermined limits, transmitting a signal indicative thereof to the second other computer and performing the steps of
(g1) executing the process on the second other computer with another, different biometric information source;
(g2) transmitting the characterised current biometric information to the first computer;
(g3) using the processor of the first computer, registering the characterised current biometric information sample with a template to produce a current registration value;
(g4) when the first registration value and the current registration value are within predetermined limits, identifying the individual; and
(g5) when the first registration value and the current registration value are within second other predetermined limits, repeating step (g).
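The registration and threshold logic of steps (c) through (g5), and the single-sample variant of the preceding embodiment, as a worked example added here for illustration and not part of the application. The characterisation routine, the similarity measure, the numeric limits, the bound on how often step (g) may repeat and the rule that the first and current registration values are combined by summation are all assumptions, since the application leaves the "predetermined limits" and the form of the characterised data open. The division of work is the one the application prescribes: the second computer only characterises; the comparison against the template and the decision stay on the first computer, so a compromised client cannot simply report a match.

```python
import math

# Assumed decision limits (the application leaves the "predetermined limits" open).
ACCEPT = 0.90           # step (f): one sample is enough on its own
RETRY_FLOOR = 0.60      # step (g): between RETRY_FLOOR and ACCEPT, ask for another source
COMBINED_ACCEPT = 1.65  # steps (g4)/(g5): sum of first and current registration values
MAX_SOURCES = 3         # constructed bound on how often step (g) may repeat

# Constructed templates held by the first computer, one per biometric source.
TEMPLATES = {
    "fingerprint": [0.2, 0.4, 0.6, 0.8],
    "iris": [0.5, 0.5, 0.5, 0.5],
    "voice": [0.1, 0.9, 0.1, 0.9],
}


def characterise(raw_sample, dims=4):
    """Transmitted process, run on the second computer: reduce a raw sample to a
    fixed-length feature vector. Stand-in characterisation (assumption): mean byte
    value of each of `dims` equal slices, scaled to [0, 1]."""
    slice_len = max(1, len(raw_sample) // dims)
    features = []
    for i in range(dims):
        chunk = raw_sample[i * slice_len:(i + 1) * slice_len] or b"\x00"
        features.append(sum(chunk) / (255 * len(chunk)))
    return features


def register(features, template):
    """Run on the first computer: registration value in [0, 1], 1.0 for an exact match
    (Euclidean distance scaled by the largest distance possible in the unit cube)."""
    dist = math.sqrt(sum((a - b) ** 2 for a, b in zip(features, template)))
    return max(0.0, 1.0 - dist / math.sqrt(len(template)))


class Registrar:
    """First computer's decision state for one authorisation attempt."""

    def __init__(self, templates):
        self.templates = templates
        self.first_value = None
        self.sources_used = []

    def submit(self, source, features):
        """Steps (d)-(g): take characterised data for `source`, return a decision."""
        if source in self.sources_used:
            raise ValueError("step (g1) requires a different biometric source")
        self.sources_used.append(source)
        value = register(features, self.templates[source])
        if self.first_value is None:                      # step (e)
            self.first_value = value
            if value >= ACCEPT:                           # step (f)
                return "identified"
            if value < RETRY_FLOOR:
                return "rejected"
            return "another_source_required"              # step (g): signal the client
        if self.first_value + value >= COMBINED_ACCEPT:   # step (g4)
            return "identified"
        if len(self.sources_used) >= MAX_SOURCES:         # constructed stop for step (g5)
            return "rejected"
        return "another_source_required"                  # step (g5): repeat step (g)


def run_attempt(samples, templates=TEMPLATES):
    """Simulate the exchange: the client characterises each raw sample and sends only the
    result; the server decides. Stops at the first terminal decision."""
    registrar = Registrar(templates)
    decisions = []
    for source, raw in samples:
        decisions.append(registrar.submit(source, characterise(raw)))
        if decisions[-1] != "another_source_required":
            break
    return decisions


# Constructed raw samples (8 bytes, so each feature is the mean of two bytes / 255).
FINGER_EXACT = bytes([51, 51, 102, 102, 153, 153, 204, 204])   # matches template exactly
FINGER_PARTIAL = bytes([0, 0, 0, 0, 153, 153, 204, 204])       # registration value ~0.78
FINGER_WRONG = bytes([255] * 8)                                 # registration value ~0.45
IRIS_GOOD = bytes([128] * 8)                                    # registration value ~0.998


if __name__ == "__main__":
    print(run_attempt([("fingerprint", FINGER_PARTIAL), ("iris", IRIS_GOOD)]))
```

One caveat the application does not address: because the characterised vector, not the raw sample, crosses the network, a captured vector can be replayed. Binding it to the session (for instance by including a server nonce in what the transmitted process returns) is the kind of check a deployment would add.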